Saturday, May 4, 2024
rated 0 times / answers: 1 / hits: 668 / Sat, March 12, 2022, 12:09:04

When a user logs in I need to execute a command that needs escalated privileges. I don't want to give the user sudo access for that command. I just want to run this script for that user, not for all users.



 Answers
7

Based on your comment, it sounds like you want user 'fred' to not have a regular shell but run the script 'foo' upon login. This can be done easily if you don't expect Fred to try very hard to escape his "sandbox".



$ cat ~fred/.bash_login
#!/bin/bash
exec /usr/local/bin/foo

## in ubuntu each user has a group of his "own"
$ sudo chown foo:fred ~fred ~fred/.bash_login /usr/local/bin/foo
## prevent fred from altering the files and directories we care about
$ sudo chmod g-w ~fred ~fred/.bash_login /usr/local/bin/foo
## make script foo run with user foo's privileges
$ sudo chmod u+s /usr/local/bin/foo


So fred will now not even get a shell prompt because the first thing his login shell does is replace itself with foo; when script foo exits, fred will be logged out. The reason Fred should lack motivation to climb out of this sandbox is that many programs allow subordinate shells to be opened which would allow fred to undo the poor-man's lockout shown here.



Using this method with "root" instead of some non-superuser foo can be used to hijack root, so don't do that.


[#32013] Sunday, March 13, 2022
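
An added check for the setup in the answer above (example code, not part of the original answer): it audits each path the answer locks down and flags entries the restricted user owns or can write through group/other bits, plus setuid bits that sit on a "#!" script (which the Linux kernel does not honour) or belong to root (which the answer warns against). The function name, the finding labels and the numeric-UID argument are assumptions of this example.

```shell
# Added example: audit one path from the forced-login-command setup.
# Usage: audit_path LOGIN_UID PATH
#   e.g. audit_path "$(id -u fred)" /usr/local/bin/foo
# Prints one finding per line, nothing when no issue is detected.
audit_path() {
    ap_uid=$1
    ap_path=$2
    if [ ! -e "$ap_path" ]; then
        echo "missing: $ap_path"
        return 0
    fi
    # Numeric owner UID is the third field of "ls -ldn"
    ap_owner=$(ls -ldn -- "$ap_path" | awk '{print $3}')

    # An owner can always chmod the entry back to writable
    if [ "$ap_owner" = "$ap_uid" ]; then
        echo "owned-by-login-user: $ap_path"
    fi
    # Group- or world-writable entries can be altered or replaced
    if [ -n "$(find "$ap_path" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-by-group-or-other: $ap_path"
    fi
    if [ -f "$ap_path" ] && [ -u "$ap_path" ]; then
        # Linux does not honour the setuid bit on "#!" scripts
        if [ "$(head -c 2 "$ap_path" 2>/dev/null)" = '#!' ]; then
            echo "setuid-on-script-ignored: $ap_path"
        fi
        # Setuid root is the case the answer says to avoid
        if [ "$ap_owner" = 0 ]; then
            echo "setuid-root: $ap_path"
        fi
    fi
}
```

Run it once per path from the answer (the home directory, `.bash_login` and the target program); any output means the lockout does not hold as described.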